The Cyber War Threat
August 22, 2006: U.S. Cyber War experts are getting worried about the changing patterns of cybercrime. The Internet criminals are becoming a lot more expert at finding flaws in Internet software, and exploiting it. The cyber gangsters are interested mainly in money, but their work has increased the risks of terrorists, or some nations Cyber War troops, launching some really destructive attacks.
Worst of all, the Cyber War threat is fading from public view. That's because spectacular virus and worm attacks that, in the past, hit millions of PC users, are becoming rather rare. Between 2002 and 2004, there were some one hundred large scale attacks (using viruses or worms). But last year there were only six such attacks, and fewer this year. The more professional black hats (criminal hackers) are in it for the money now, not so show off, and prefer to operate beneath the radar. This means it's becoming increasingly difficult for users, be they home, commercial or military, to even know their networks have been compromised, and infiltrated by outsiders.
And it gets worse, with an increasing number of vulnerabilities being found in routers, server software, and other aspects of the Internet that are run by Internet professionals, not just PC users, it's more likely that attacks could shut down large sections of the Internet. Even some widely used applications, like Microsoft Office (WORD, Excel and Powerpoint) are now being heavily researched by the bad guys for exploitable flaws.
Military and government computer security officials are more alert to signs that Cyber War type attacks are under way. These would be small scale operations, such as testing attacks designed to pave the way for massive amounts of damage if done on a larger scale. For example, there could be a tailored attack, designed to take down many military Internet sites and capabilities, if carried out on a large scale. So far, this sort of thing has been largely theoretical, but the attitude among the pros is that it's not a matter of if, but when, when someone does some targeted, heavy duty damage to someone else's Internet resources.